With a whole host of new and existing technologies available that help employees work remotely, it's no surprise that analysis from the Trade Union Congress indicates nearly a quarter of a million more people work from home than 10 years ago. As more and more employees look to work away from the office, CIOs and security professionals need to ensure that company security policies are established and enforced. Whether employees access company-sensitive data from home offices, public Wi-Fi networks or hotels, the risk of a data breach or cyber-attack remains the same. With an average total cost of around £3 million per breach, managing the vulnerabilities has never been more important or challenging.
Managing the threat of BYOD
Using personal devices in the workplace is an attractive model that is being adopted by a growing number of businesses. While personal devices such as smartphones, tablets and laptops afford employees a greater level of flexibility, they also present increasing risks, whether it be employees losing devices or compromising cybersecurity.
As the number of employees using their own devices to work remotely grows, so does the level of vulnerability, as IT professionals have less control. Certainly, business data becomes more vulnerable when it's accessed across numerous networks, through a range of applications and different devices. Sharing best practices with employees will help to reduce the risk of business-critical information being compromised unwittingly, as well as empowering employees to take responsibility for their devices and how they are used. Advise employees to update anti-malware programs, web browsers and other programs regularly and to run full malware scans at least once a week. Additionally, ensure that a management plan is in place, setting out guidelines for how data should be accessed and saved. It can include specified apps or software, as well as regulations on data handling.
Physical security also needs to be a consideration, and it's important to advise employees to keep their devices safe at all times, especially when working out of the office in coffee shops, on public transport or in hotels and conference centres.
Use Wi-Fi responsibly
Undoubtedly, Wi-Fi connections have accelerated business considerations for flexible working, as networks can provide employees with the ability to easily work away from the office. While public Wi-Fi networks offer great convenience, they are also highly susceptible to malicious attacks. Most recently, alarm bells rang when researchers pointed to a new vulnerability, KRACK, which enables hackers to read encrypted user data transiting a Wi-Fi network. The most likely targets for an attack are those connected to public Wi-Fi networks, so it's best practice to advise employees to avoid joining them when accessing sensitive business information. Also refresh employees' browsing habits by reminding them to only connect to web pages that have HTTPS enabled.
Avoid simple passwords
It may sound like an obvious piece of advice, but it's important to ensure that employees aren't using basic passwords; a classic example is password1234. Encouraging employees to adopt strong passwords with a minimum length and complexity will help to combat breaches. In addition to being bad at creating passwords, it's commonplace for employees to repeatedly reuse them despite the obvious risks. Although creating unique and complex passwords can sound like an arduous task, there are a number of tools which can be implemented to aid the process. Password managers, for instance, provide a secure way to generate long and unique passwords without relying on employees to remember them, whilst adding another layer of encryption.
Turn on two-factor authentication (2FA) across all accounts
In addition to having a strong password, businesses should advise employees to turn on two-factor authentication (2FA) across all accounts. 2FA involves users entering a second piece of information, such as a fingerprint or one-time code, in order to gain access to accounts. This extra layer of protection ensures that even if a hacker does obtain a user's password, they won't be able to get into the account. Furthermore, adopting 2FA will mean user credentials are protected from password-guessing software, mitigating any damage from successful phishing attempts. Organisations are increasingly seeing the benefits of 2FA and are implementing it across the board as part of wider security policies.
Contributed by Gerald Beuchelt, CISO, LogMeIn
Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.